962ed2f239d6c104879638765382a2b8f95002b9ccedf7b17368e9e73ea6220e

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eefba1332938c6e6e6f609bddd493f24_JaffaCakes118.html
Size

8KB
MD5

eefba1332938c6e6e6f609bddd493f24
SHA1

c400500929f7083135a68f0e195d359f05b07473
SHA256

962ed2f239d6c104879638765382a2b8f95002b9ccedf7b17368e9e73ea6220e
SHA512

19151c734c04a119731a0afde9302cb21a9db3bc30b54304bffb0e66593c63dd7accf76a684f82bd77cd660cf3d8af2ba0b6fc1e3b248e63dde2c399f7362aae
SSDEEP

96:qyhfVEYb6uUM4i9dMaACC99/Jea/3z0QtMYNtY7yW1Zp81+R/5l/6VwS:HfqO6uL4eZACCZeI3YWMYI81Q/5l/62S

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58C5CA81-77C9-11EF-B2D5-C6DA928D33CD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c40000000002000000000010660000000100002000000055dbf5349659c24826b5126a12eb63502afaa55f84d7189295dd282c5c73049e000000000e80000000020000200000002105cb42543dcf1b7ed751830ecdfd925f7af6c478720a057f665b1c2485a79d200000000b921db6fbdc95306d74b5018ec40ef66776ea6cd60f3380cf116db8a369b01940000000457a5bf1d08d44705fb5025348e92db34d5a0042d07455f5c9d3b27ecb1e791fcac804f64d3cf56bd61d02905034cec7c29603e514d13059a27e8cf7ee401462	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b030b02dd60bdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c40000000002000000000010660000000100002000000096125e16cc8ad252b4d4aaf1d5e047a863404657efd0de2e98b9fc67ca3ba4c4000000000e8000000002000020000000f00b2a1bae96ad8a4449561226aea4a62d51d6168d38b02b9bcc1b84dd8f07339000000058e8489d020cfd23a8f319d85a7a2def3e8d928b9a5c8e21a290fa5816bd5b6d20ba5669b01f74e324a674d29077c4a38bf7a10a25a545e004070e140a2d1e95ae013b5bb03cda8f4f7f291474c91a4731e79b59c775e524f770b53c21f18e76f069edaa21e3ab56ef6b137efca59129348150cd3868308c349f8d2d94782787b1e04aa2bd7f414e0c64fddf9edf169b400000008cd61031d2bc7ec7ace34bd6984ba5be88dc698c19c433d6c52dddedf83f123c10934caddfc64cfeb2e102aae9778e7ef6aa76b24594aff9eb024d01fa0177e5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433051081"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2692	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2768	2692	iexplore.exe	30
PID 2692 wrote to memory of 2768	2692	iexplore.exe	30
PID 2692 wrote to memory of 2768	2692	iexplore.exe	30
PID 2692 wrote to memory of 2768	2692	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eefba1332938c6e6e6f609bddd493f24_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36e6cedca131c099ed73efa9edbc8bb6

SHA1
1f64f7b96a50126a35f22bab36d8109a73c6374f

SHA256
8f320ed61c5f4e6cd1060e595bf7d4de539420d8366d7d6f5ccde8f58dab763b

SHA512
583e842d558eb674d438213ac6917a63bb3aeaa211505e216b500dc2003609c297d22816852705d837efae891a5802d7dbf22d42667450eb4695e56d0059eae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15eacb1e888433d0707d54a29170a89b

SHA1
8b52563783c7b5a9f64aa3849999d00cd3f1e04c

SHA256
1899028e374297cd40b8596a6157c9b76abaa3b84bf1a4732430a79877b2ba2e

SHA512
2a751d444a45f8976f778da0fd5a36e23454e6aa57ae328daa92a9a08916c1d0f20023e31a1b6a07e78645a077cf55819c2dcdf150a7b427c8db046212e3acac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7d77b7a05eb18b5c0332db66d993474

SHA1
1b5323de78aa4343431304a130dcfd1eac9dece9

SHA256
6d0e38cbc92fd17bc80cd6b4704a26b2e968ba04d3a7afd8e1d07476aa3d08da

SHA512
0793fad8413809dba50e55397d0f98165e1bfb8f7f3b8c1c0eca250c13c4dcb5e54da2044e785918f76e72d4ba40e0b7848b1f90214d9996e6feb1b67380a28e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ad5880e8d18ed32e33ae1d105c794fd

SHA1
a3029b42aa7c9c180bb612e321bbe0069703c62a

SHA256
6d5c03d9b82288382e27aeb77fc9da03ae77c49562901535c3f664ea040e349b

SHA512
571235028f9132f2408500cd0442af87b8bdb70301e4f092253c39ade3ac6f0955ed6cfd1238bcc4671a7e4d01edf5c5b6bec359aac2061ca7b2fc72cba9fb7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e2be9d840108b1a676550b42ff708af

SHA1
73288330f911822e74558d7b46aef8045b0b40b3

SHA256
1aec1e96981b9f59759f77491f3e0e9e9b779a9d609fb07ca4475bc19ac50717

SHA512
e8af9e00eb89977104906e880c4b2205efbcd807bfd458d4a61b7038d078eb7d41d008076228472235de9e010120682c5d469c6afa36d8dc49d1b9094d0deb94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7da10887dc6d6b2a9318c6ce0fb95b9

SHA1
6146fc3ffeca809acf55cc98bea3ef3167729dc0

SHA256
142c7d41c88b407b29cdfe313591e144822e28a73f48e4a91c6f54db61e37b93

SHA512
2389fb61b8b713ae8fcac76f57fd88ed8c285793fd878961f62e1757ba0d6acb0605f41c9e21ed690ca3e41f7d0df2c5e120d0a05c1f7468ec49724a90354dcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c7eaae976ee05009d67efd613e94a41

SHA1
44b1a3a1b9e864cb2fe0f47057113a2bbf7f82c1

SHA256
a9f55c2cc9219382eaff8d1c271816cab89cad6efeabd61fde82f701902b57b7

SHA512
eba94d828b601f74a8303ccb3e1c5232ce0148f21485db1c9f0b326fb76cfff46545e4b83c8e98b6f3c4a292408b5870da5878c1ce365412bd715f2a877d945e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62fc906b830a05ca0bf502f1fb1c3c2e

SHA1
ad598f4a9b499f51e8dc0582858166219d9f7598

SHA256
a0fff7ed4c9289b14091c4d30346090834e798243013550d81f488a767e28732

SHA512
7b09a201ccfb93bd811d24315858dccb84fb085a2aeb1a2a158261fe74172fb21a2a1ef86baad48926f069c0cf8380c35578bdaefb46b058c7402b0c9a564ca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32cd1babbdad7e026bde4a1b62b6ec74

SHA1
fdce26de5a95771392c0900eaeac3e24434ac482

SHA256
1a0d1c19558f65e7388072c691adb2f4a85be81d264b894cc739e17406021761

SHA512
292e75cc80708d8598cd246f30d81a3ac8dbc6a95f0f4a72d57a16ee6be9f2f0a30f7830682d677ae86412b02543be6039dbe7e78f9265618317f19f9016be2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72a25b1869e2085af05e71c7817c6714

SHA1
8d8663ae821d1b52009faae2ca1a7e910a9388f6

SHA256
9f86ea258f326061a804b9da62dfe05db4978af60f8c8a34105871b695bce332

SHA512
1010d134c9427d1f0af8fc2e85af22decf7585b3bf8ee403bf2c11ec3478fda4550561b2d503eb63583482aca91b8b73295340193f03058b6c1eb380b3d5d9aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d7ca422873e077204049b427193903e

SHA1
529e1e52c0b908e99fa29933f46060c61f94a8a1

SHA256
78185e9d06d8f6f2901106d4aae8056475b830f05e1212c4042cf2f2b2d07aa9

SHA512
aa0ff1d7cd20465d7a529af6bb4b65a1ff2c53674ec45835211460fde6229f72af5df735dd604705f4e22411566dcbcb529e0fbe4ea0ffbca82743e64aaa5937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29facf8cd3523a2dcbcd685494a03e53

SHA1
f0ca546e2639e175f4d0fd5db31145f281a1e0d8

SHA256
bc1e04feceffcd2ee35dc02f33247188ecc4ebf17288576e285f709411193e60

SHA512
de04aaaca3040c19d317a7ab3da84d8a493564f0dde7fbfe24fd710423bf70205fe37adaa77e7b39984d9f3efd5e78a473944b356a493e714ecc5893f3d1e86b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6c2de47b9e23f8154cef814f71e905f

SHA1
ff9acfb37ce4e9a680790762ef5edce1ef12cf45

SHA256
8d3268a67bd1ab8c81011b975a0ddacc3d76e91cd2d4e3dc35e979a6876be965

SHA512
f940f8492c782671fc736960d4de4fccab19786f4142397b7243a5ab8411d5e2b1e58b9b45fbf55845b09ac5baecc5e3348e72c269ee3ceca2819d3691eab3c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e0be5d066ac3f0f46df772920ccaecb

SHA1
99ffa454106b78f7605d54366dc4d0ee36a0fbbe

SHA256
de42a0f90ceea47fb080167f30d1f0f3550151db46c28dee7e9eb3d37e69c410

SHA512
0698a9b9220d306e813027c5202b4500b284017d317fe545ec501e961b60efd771966a7c832eaa4a503a08d7e2d1b78e231aca49330c9df00f3ccef72697adc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
caeaf204b4cbadcd88d9e71cafcbca22

SHA1
047fb164a29adc18f95eec354654f4cd5ced4ce2

SHA256
42af729ed2b601e7c4ba2e5f840df363becd853dd6e8b9eb1b75c29491d10cce

SHA512
3d5218637c25dc7a5ee9ddec1022f435cbea9a2589446d587e93f9dec87187b9db56e610bb07fe14d6d8c539dcb3fbfe3dacdc10c81e214e43ea867e2e852bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3EB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit